FreeBSD : ngircd -- format string vulnerability (bc4a7efa-7d9a-11d9-a9e7-0001020eed82)
High Nessus Plugin ID 19100
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionA No System Group security advisory reports that ngircd is vulnerable to a format string vulnerability in the Log_Resolver() function of log.c, if IDENT support is enabled. This could allow a remote attacker to execute arbitrary code with the permissions of the ngircd daemon, which is root by default.
Note: By default the FreeBSD ngircd port does not enable IDENT support.
SolutionUpdate the affected package.